Usernames and password getting lost after reload of 4506 Switch

myassir76
Level 1

Dear All,

I am facing a strange issue. On my 4506-E switch, aaa new-model is enabled and we have created some usernames and passwords with privilege levels 15 and 10. Some usernames are created with the VIEW keyword option. The issue is that I am losing the configuration of all usernames created with the VIEW keyword from the running config after a reload of the switch. However, I am able to see those lost usernames in the startup config at the same time. This issue is happening only with usernames that have the VIEW keyword. All other configuration is successfully copied from startup to running after reload. We will have to log in to the device with the admin account and configure those lost usernames again in the running config.

The configuration register value is 0x2102, and I have also tried with the latest IOS, but the same issue is happening.

Please find the configuration related to aaa and others:

!
username xxxx privilege 10 view john,ES team, secret 5 **************
username xxxx privilege 10 view John Michael,ES team,PSS secret 5 **************
username xxxx privilege 10 view mac,ES team,OSSOR secret ********************
username admin privilege 15 secret 5 **********************
username xxxx privilege 15 view Jhony,ES team, secret 5 xxxxx
username xxx privilege 10 secret 5 ***********
username console privilege 10 secret 5 ************.
!


!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!

alias exec shrun show run view full
privilege exec level 7 show config
privilege exec level 7 show configuration
privilege exec level 10 show running-config
privilege exec level 10 show log
privilege exec level 10 show ip route
privilege exec level 10 show ip ospf
privilege exec level 10 show ip bgp
privilege exec level 10 telnet
privilege exec level 10 show running-config view full
!
line con 0
stopbits 1
line vty 0 4
privilege level 15
password 7 ************
transport input ssh
line vty 5 15
password 7 ************
transport input ssh
!

Please suggest on this issue as soon as possible.

Accepted Solutions

Hello,

Have you configured the parser view?

Here is an example:

4506#conf t
4506(config)#enable secret cisco
4506(config)#aaa new-model
4506(config)#end
4506#enable view
Password:*****

You should then see something similar to this line:

*Jan 11 19:42:38.657: %PARSER-6-VIEW_SWITCH: successfully set to view 'root'.

4506#conf t
4506(config)#parser view john
4506(config-view)#secret xxxx
4506(config-view)#commands exec include traceroute
4506(config-view)#exit
4506(config)#username xxx view john secret xxxxx
4506(config)#aaa authentication login default local
4506(config)#aaa authorization exec default local


andrewswanson
Level 7

Is there a CONFIG_FILE variable in the output of "show boot"?

hth

Andy

Hi,

Please find output as follows :-

#show bootvar
BOOT variable = bootflash:cat4500e-entservicesk9-mz.122-54.SG.bin,1;
CONFIG_FILE variable does not exist
BOOTLDR variable does not exist
Configuration register is 0x2102

Hi,

I am not able to see any view configuration in the running config shared by the client. I am not sure whether they have created a parser view or not.

Will it show in show run config?

I am able to see the VIEW keyword only in the username command and exec command.

In your example, after running the "enable view" command, what password did you enter? Is it the enable secret password?

In case I need to configure a view, will it be necessary to do the aaa configuration again, as I already have some aaa configuration done?

Thanks in advance.

Hello,

'show parser view all' should show you all the CLI views configured.

Here is a somewhat more extensive description of the procedure:

http://www.stupidroutertricks.com/2011/09/role-based-cli-configuring-aaa-part-3.html

Hi,

I think you are correct. The customer has not created any views and simply put the VIEW keyword in the username commands. I think this was causing the issue.

Thanks for your help.
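
As an added example (not from the thread or from Cisco), a small Python check for the condition the thread ends on: `username ... view` lines that name a view with no matching `parser view` definition in the same configuration. The sample configuration is constructed, and the script assumes a defined view is saved as a top-level `parser view <name>` line, matching the commands in the accepted answer.

```python
import re

# Constructed sample, modelled on the thread: alice and bob are tied to views,
# but only the view "john" is defined with "parser view".
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local
aaa authorization exec default local
username admin privilege 15 secret 5 CONSTRUCTED-HASH
username alice privilege 10 view john secret 5 CONSTRUCTED-HASH
username bob privilege 10 view noc secret 5 CONSTRUCTED-HASH
privilege exec level 10 show running-config view full
parser view john
 secret 5 CONSTRUCTED-HASH
 commands exec include traceroute
"""

# "username NAME [options] view VIEWNAME [secret|password ...]"
USER_VIEW = re.compile(
    r"^username\s+(\S+)\s+(?:.*?\s)?view\s+(.+?)(?:\s+(?:secret|password)\b.*)?$")
# Assumption: a defined view is saved as a top-level "parser view NAME" line.
PARSER_VIEW = re.compile(r"^parser view\s+(\S+)")


def undefined_view_users(config_text):
    """Return (username, view) pairs whose view has no parser view definition."""
    defined, referenced = set(), []
    for line in config_text.splitlines():
        line = line.rstrip()
        view = PARSER_VIEW.match(line)
        user = USER_VIEW.match(line)
        if view:
            defined.add(view.group(1))
        elif user:
            referenced.append((user.group(1), user.group(2)))
    return [(u, v) for u, v in referenced if v not in defined]


if __name__ == "__main__":
    for user, view in undefined_view_users(SAMPLE_CONFIG):
        print(f"username {user}: view '{view}' is not defined; fix before reload")
```

Run against a saved copy of the startup config, it lists the accounts that would need their view created (or the `view` keyword removed) so that an admin login is not the only way back in after a reload.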
